Raccoons, Incomplete fixes and Kernel Exploits
Leading off this week's discussion is the news about the now-remote CCC and Offensive Security's plans to retire OSCE. On the exploit side of things, this week we have a few recent bug bounties, including a Google Maps XSS, a FreeBSD TOCTOU, and a couple of Linux kernel vulnerabilities.

[00:02:30] CCC going remote this year due to pandemic
[00:09:44] NVIDIA to Acquire Arm for $40 Billion
[00:20:36] OSCE being retired https://ringzer0.training/
[00:34:21] Giggle; laughable security
[00:44:51] Raccoon Attack https://portswigger.net/daily-swig/researchers-exploit-http-2-wpa3-protocols-to-stage-highly-efficient-timeless-timing-attacks
[00:53:34] Executing arbitrary code on NVIDIA GeForce NOW VMs
[01:02:07] Cache poisoning via X-Forwarded-Host
[01:08:56] Team object in GraphQL disclosed private_comment
[01:14:08] XSS->Fix->Bypass: 10000$ bounty in Google Maps
[01:28:33] Microsoft Sharepoint and Exchange Server Vulnerabilities
[01:45:35] Short story of 1 Linux Kernel Use-After-Free and 2 CVEs
[01:53:25] FreeBSD Kernel Privilege Escalation [CVE-2020-7460]
[02:02:47] WSL 2.0 dxgkrnl Driver Memory Corruption
[02:10:46] Project Zero: Attacking the Qualcomm Adreno GPU
[02:16:03] GoogleCTF 2020 Challenge Source + Exploits Release
[02:20:08] IDA Pro Tips to Add to Your Bag of Tricks
[02:20:48] Reverse Engineering: Marvel's Avengers - Developing a Server Emulator

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST), or the video archive on YouTube (@DAY[0]).